mumpix 1.0.5 → 1.0.6

package/CHANGELOG.md

@@ -0,0 +1,22 @@
+# Changelog
+
+## 1.0.6 - 2026-02-27
+
+### Security hardening
+- Added file identity metadata (`fileId`) and hash algorithm metadata (`hashAlg`) in headers for new/opened stores.
+- Added strict integrity verification during load/WAL replay for `strict` and `verified` modes.
+- Added monotonic/unique record ID validation in `strict` and `verified` modes.
+- Added support for keyed record hashes (`hmac256`) when `MUMPIX_INTEGRITY_SECRET` is set.
+- Kept backward compatibility for legacy hash records in migration scenarios.
+
+### Licensing and tier model
+- Updated mode capability gating:
+  - Community/Free: `eventual`
+  - Developer/Teams: `eventual`, `strict`
+  - Compliance/Enterprise: `eventual`, `strict`, `verified`
+- Removed free-tier write-count enforcement; gating now focuses on production capabilities.
+- Added optional file-bound license context support (`fid`) for stronger license binding.
+
+### Reliability
+- Hardened strict-mode behavior to fail fast on malformed or tampered WAL/record entries.
+

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "mumpix",
-  "version": "1.0.5",
+  "version": "1.0.6",
   "description": "SQLite for AI — embedded, zero-config memory database for AI agents and LLM applications",
   "main": "src/index.js",
   "bin": {
@@ -34,8 +34,9 @@
     "src/",
     "bin/",
     "examples/",
+    "CHANGELOG.md",
     "README.md",
     "LICENSE"
   ],
   "homepage": "https://mumpixdb.com"
-}
+}

package/src/core/MumpixDB.js

@@ -59,16 +59,16 @@ class MumpixDB {
       throw new Error(`Invalid consistency mode "${consistency}". Valid: ${VALID_MODES.join(', ')}`);
     }
 
+    const store = new MumpixStore(filePath);
+    store.open({ consistency });
+
     // License Initialization & Check
     const license = new LicenseManager(opts.licenseKey);
+    license.setFileContext(store.header && store.header.fileId ? store.header.fileId : null);
     await license.init();
 
-    if (consistency === 'verified') {
-      license.checkLimit('mode', 'verified');
-    }
-
-    const store = new MumpixStore(filePath);
-    store.open({ consistency });
+    // Capability-gated consistency mode check (Option B model)
+    license.checkLimit('mode', consistency);
 
     let auditLog = null;
     if (consistency === 'verified') {

package/src/core/license.js

@@ -16,6 +16,25 @@ class LicenseManager {
     this.verified = false;
     this.userId = 'guest';
     this._ml_dsa = null;
+    this.fileId = null;
+  }
+
+  // Capability matrix for Option B model.
+  // free/community: eventual only
+  // developer/teams: eventual + strict
+  // compliance/enterprise: eventual + strict + verified
+  _capsForTier(tier) {
+    const t = String(tier || 'free').toLowerCase();
+    if (t === 'developer') return { modes: ['eventual', 'strict'] };
+    if (t === 'teams' || t === 'team') return { modes: ['eventual', 'strict'] };
+    if (t === 'compliance' || t === 'enterprise' || t === 'verified' || t === 'pro') {
+      return { modes: ['eventual', 'strict', 'verified'] };
+    }
+    return { modes: ['eventual'] };
+  }
+
+  setFileContext(fileId) {
+    this.fileId = fileId ? String(fileId) : null;
   }
 
   async init() {
@@ -54,6 +73,12 @@ class LicenseManager {
         throw new Error('License key has expired');
       }
 
+      // Optional binding for newly issued licenses.
+      // Backward-compatible: if fid missing from payload, accept legacy license.
+      if (payload.fid && this.fileId && String(payload.fid) !== String(this.fileId)) {
+        throw new Error('License key is bound to a different file');
+      }
+
       this.userId = payload.id;
       this.tier = payload.tier || 'free';
       this.expiry = payload.exp;
@@ -67,13 +92,22 @@ class LicenseManager {
   }
 
   checkLimit(type, currentCount) {
-    if (this.tier === 'free') {
-      if (type === 'records' && currentCount >= 100) {
-        throw new Error('MumpixDB Free Tier Limit Reached: 100 records. Upgrade at mumpixdb.com for unlimited.');
-      }
-      if (type === 'mode' && currentCount === 'verified') {
-        throw new Error('MumpixDB "verified" consistency mode is a Pro feature. Upgrade at mumpixdb.com.');
+    // Option B: no record count gate. Gating is by capabilities/mode.
+    if (type === 'records') return true;
+
+    if (type === 'mode') {
+      const requested = String(currentCount || '').toLowerCase();
+      const caps = this._capsForTier(this.tier);
+      if (!caps.modes.includes(requested)) {
+        if (requested === 'strict') {
+          throw new Error('MumpixDB "strict" mode requires Developer tier or higher. Upgrade at mumpixdb.com.');
+        }
+        if (requested === 'verified') {
+          throw new Error('MumpixDB "verified" mode requires Compliance tier. Upgrade at mumpixdb.com.');
+        }
+        throw new Error(`MumpixDB mode "${requested}" is not available on your current tier.`);
       }
+      return true;
     }
     return true;
   }

package/src/core/store.js

@@ -15,6 +15,7 @@
 const fs   = require('fs');
 const path = require('path');
 const os   = require('os');
+const crypto = require('crypto');
 
 const MAGIC_VERSION = 1;
 
@@ -26,12 +27,14 @@ class MumpixStore {
     this.records  = [];       // { id, content, ts, h }
     this._nextId  = 1;
     this._fd      = null;     // open file descriptor for appends
+    this._strictIntegrity = false;
   }
 
   // ── Public ──────────────────────────────────────
 
   open(opts = {}) {
     const consistency = opts.consistency || 'eventual';
+    this._strictIntegrity = consistency === 'strict' || consistency === 'verified';
 
     if (fs.existsSync(this.filePath)) {
       this._load();
@@ -43,10 +46,21 @@ class MumpixStore {
         consistency,
         created: Date.now(),
         path: path.basename(this.filePath),
+        fileId: crypto.randomUUID ? crypto.randomUUID() : crypto.randomBytes(16).toString('hex'),
+        hashAlg: 'hmac-sha256',
       };
       this._writeHeader();
     }
 
+    if (!this.header.fileId) {
+      this.header.fileId = crypto.randomUUID ? crypto.randomUUID() : crypto.randomBytes(16).toString('hex');
+      this._rewriteFull();
+    }
+    if (!this.header.hashAlg) {
+      this.header.hashAlg = 'hmac-sha256';
+      this._rewriteFull();
+    }
+
     // Update consistency if caller changed it
     if (this.header.consistency !== consistency) {
       this.header.consistency = consistency;
@@ -70,11 +84,12 @@ class MumpixStore {
    * Returns the new record.
    */
   write(content) {
+    const trimmed = content.trim();
     const record = {
       id:      this._nextId++,
-      content: content.trim(),
+      content: trimmed,
       ts:      Date.now(),
-      h:       this._hash(content),
+      h:       this._hash(trimmed),
     };
 
     // 1. Write to WAL
@@ -150,14 +165,31 @@ class MumpixStore {
     }
 
     this.records = [];
+    let lastId = 0;
+    const seenIds = new Set();
     for (let i = 1; i < lines.length; i++) {
       try {
         const r = JSON.parse(lines[i]);
-        if (r && r.id && r.content) {
+        if (r && Number.isInteger(r.id) && typeof r.content === 'string' && r.content.length > 0) {
+          const monotonic = r.id > lastId;
+          const duplicate = seenIds.has(r.id);
+          const hashOk = this._verifyHash(r);
+          if (!monotonic || duplicate || !hashOk) {
+            const msg = !hashOk
+              ? `mumpix: integrity hash mismatch for id=${r.id}`
+              : `mumpix: invalid record order/id at id=${r.id}`;
+            if (this._strictIntegrity) throw new Error(msg);
+            continue;
+          }
           this.records.push(r);
+          seenIds.add(r.id);
+          lastId = r.id;
           if (r.id >= this._nextId) this._nextId = r.id + 1;
         }
-      } catch (_) { /* skip corrupt lines */ }
+      } catch (err) {
+        if (this._strictIntegrity) throw err;
+        // skip corrupt lines in eventual mode
+      }
     }
   }
 
@@ -167,23 +199,37 @@ class MumpixStore {
     const raw   = fs.readFileSync(this.walPath, 'utf8');
     const lines = raw.split('\n').filter(l => l.trim());
     let dirty   = false;
+    let lastId = this.records.length ? this.records[this.records.length - 1].id : 0;
+    const seenIds = new Set(this.records.map(r => r.id));
 
     for (const line of lines) {
       try {
         const entry = JSON.parse(line);
         if (entry.op === 'write' && entry.entry) {
-          const exists = this.records.find(r => r.id === entry.entry.id);
-          if (!exists) {
+          const candidate = entry.entry;
+          const exists = seenIds.has(candidate.id);
+          const monotonic = Number.isInteger(candidate.id) && candidate.id > lastId;
+          const hashOk = this._verifyHash(candidate);
+          if (!exists && monotonic && hashOk) {
             this.records.push(entry.entry);
             if (entry.entry.id >= this._nextId) this._nextId = entry.entry.id + 1;
+            seenIds.add(entry.entry.id);
+            lastId = entry.entry.id;
             dirty = true;
+          } else if (this._strictIntegrity) {
+            throw new Error(`mumpix: rejected WAL write id=${candidate.id}`);
           }
         } else if (entry.op === 'clear') {
           this.records = [];
           this._nextId = 1;
+          seenIds.clear();
+          lastId = 0;
           dirty = true;
         }
-      } catch (_) { /* skip corrupt WAL lines */ }
+      } catch (err) {
+        if (this._strictIntegrity) throw err;
+        // skip corrupt WAL lines in eventual mode
+      }
     }
 
     if (dirty) this._rewriteFull();
@@ -218,6 +264,34 @@ class MumpixStore {
   }
 
   _hash(s) {
+    const secret = process.env.MUMPIX_INTEGRITY_SECRET;
+    if (secret && secret.trim()) {
+      const digest = crypto
+        .createHmac('sha256', secret)
+        .update(String(s), 'utf8')
+        .digest('hex');
+      return `hmac256:${digest}`;
+    }
+    let h = 0x811c9dc5;
+    for (let i = 0; i < s.length; i++) {
+      h ^= s.charCodeAt(i);
+      h = Math.imul(h, 0x01000193);
+    }
+    return '0x' + (h >>> 0).toString(16).padStart(8, '0');
+  }
+
+  _verifyHash(record) {
+    if (!record || typeof record.content !== 'string' || typeof record.h !== 'string') return false;
+    if (record.h.startsWith('hmac256:')) {
+      const secret = process.env.MUMPIX_INTEGRITY_SECRET;
+      if (!secret || !secret.trim()) return false;
+      return this._hash(record.content) === record.h;
+    }
+    // Backward compatibility for legacy records while migrating.
+    return this._hashLegacy(record.content) === record.h;
+  }
+
+  _hashLegacy(s) {
     let h = 0x811c9dc5;
     for (let i = 0; i < s.length; i++) {
       h ^= s.charCodeAt(i);